Options

SANS 566 - GCCC - worth doing if security auditor?

scascscasc Member Posts: 461 ■■■■■■■□□□
in GIAC
Dear all,

Wanted to find out if 566 - GCCC - is worth obtaining? I have AUD 507 and my work revolves around risk/audits/controls/vulnerabilities etc so wanted to gather opinions on 566 to determine viability.

Please let me know.

Best wishes
AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
· Share on FacebookShare on Twitter

Comments

  • Options
    temuchintemuchin Member Posts: 21 ■□□□□□□□□□
    I just passed GCCC yesterday. Taking AUD507 starting Monday. If i had to pay for it it wouldn't be worth it to me. It's a good course for managers.
    · Share on FacebookShare on Twitter
  • Options
    scascscasc Member Posts: 461 ■■■■■■■□□□
    Thanks for the response, was it hands on? Looking to incorporate in my work and measure compliance to it. Also looking to produce metrics. With my background it seems like only Sans course suitable - risk/compliance/audit/controls etc
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
    · Share on FacebookShare on Twitter
  • Options
    scascscasc Member Posts: 461 ■■■■■■■□□□
    If anyone has either done this or knows about it please do let me know as I have the option of going for this with my company soon. Want to know if its hands on assessing controls and/or worthwhile doing in deducing your cyber posture from a SANS perspective.

    Thanks in advance..
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
    · Share on FacebookShare on Twitter
  • Options
    mactexmactex Member Posts: 80 ■■■□□□□□□□
    I have done SEC566 and have the GCCC. I would say the class is worthwhile ONLY if your organisation is actually planning on implementing the CSC using their model. If not; I would look at a different SANS class. Also; be aware that most of the CSC info is available for free at the CIS website.
    · Share on FacebookShare on Twitter
  • Options
    scascscasc Member Posts: 461 ■■■■■■■□□□
    Thanks for letting me know - issue is I don't see anything that is based around risk/auditing/controls etc. Have GSNA, thought I could add to this.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
    · Share on FacebookShare on Twitter
  • Options
    joeimpjoeimp Registered Users Posts: 4 ■□□□□□□□□□
    I've taken ~10 SANS courses. Personally I felt that GCCC was the most relevant coursework with regards to how I do my job. What I mean is, definitive actions you have to take to do your job right as a security pro.

    I would think that this is a good course to take in conjunction with the AUD course. You get a picture of what controls are supposed to be in place, and how to audit their efficacy.
    · Share on FacebookShare on Twitter
  • Options
    scascscasc Member Posts: 461 ■■■■■■■□□□
    Many thanks for sharing your experiences and responding. Was the 566 a hands on course to do?

    Best regards
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
    · Share on FacebookShare on Twitter
Sign In or Register to comment.